CVE-2016-9880

{"id": "CVE-2016-9880", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-03-16T20:29:00.227", "references": [{"url": "http://www.securityfocus.com/bid/96146", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2016-9880", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/96146", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://pivotal.io/security/cve-2016-9880", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker."}, {"lang": "es", "value": "El broker GemFire para Cloud Foundry, en versiones 1.6.x anteriores a la 1.6.5 y versiones 1.7.x anteriores a la 1.7.1, tiene m\u00faltiples endpoints de API que no requieren autenticaci\u00f3n y que podr\u00edan usarse para obtener acceso al cl\u00faster gestionado por el broker."}], "lastModified": "2024-11-21T03:01:56.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0C5E862-1E0D-4078-A0EF-8A3C11FC4B10", "versionEndExcluding": "1.6.5", "versionStartIncluding": "1.6.0"}, {"criteria": "cpe:2.3:a:pivotal_software:gemfire_for_pivotal_cloud_foundry:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBEA1A89-84E4-4435-9AC5-29F972F0D7A4"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}